Healthcare sector targeted as cyber attacks grow in Kenya
By Vanessa Sandra, April 21, 2025
The healthcare sector has emerged as one of the sectors most targeted by Distributed Denial-of-Service (DDoS) attacks on institutions, and is losing billions to ransomware attacks, the Cyber Security Report 2025 reveals.
DDoS attacks involve multiple connected online devices, collectively known as a botnet, which are used to overwhelm a target website with fake traffic.
During the three-month period January to March 2025, some 3,678,789 DDoS attacks were launched, compromising access to critical public ICT infrastructure.
“The majority of attacks targeted government and health institutions, exploiting vulnerabilities in remote desktop services and insecure protocols to flood legitimate servers with requests, thereby preventing authorised users from accessing them,” the report said.
The sector, one of the most vulnerable, witnessed a 95 per cent increase in ransomware attacks in the three months leading to December 2024. Data shows that the average ransom demand exceeds $5.2 million (Sh673.7 million) per incident.
During that period, system attacks soared to 2.4 billion, representing a 228.30 per cent increase from the system threats detected in the previous period and accounting for 96 per cent of the overall cyber threats.
According to the report, the healthcare sector, government services, internet service providers and cloud service providers came up as the top affected industries.
“System attacks targeted the critical information infrastructure sector, which holds sensitive data such as financial information. The objectives of these attacks were to disrupt, compromise, and sabotage essential systems and services on a large scale,” the report stated.
The incidents in the healthcare sector included encrypting patient data and demanding a hefty ransom for its release.
In some cases, sensitive patient records have been exposed on the dark web, raising serious concerns about data privacy and protection.
Default login credentials
Contributing factors to system misconfiguration-related cyberattacks include low levels of cyber risk awareness, the use of outdated or deprecated systems, default login credentials, and insufficient investment in technological infrastructure.
Public administrations, information services, and finance sectors are the top targeted sectors in the country, according to SOCRadar’s 2025 Kenya Threat Landscape Report, which highlights the growing risk to Kenya’s critical infrastructure.
In the period under review, the National Computer Incident Response Team (KE-CIRT/CC) detected over 2.5 billion cyber threat events, which represented a 201.85 per cent increase from the threat events detected in the previous period, October – December 2024.
“Inadequate patching of systems, low user awareness of various threat vectors including phishing and other forms of social engineering attacks, and the increasing use of AI-driven attacks and machine learning technologies are among the reasons for the rise in cyber threats that have been detected,” the report stated.
During the quarter, system misconfigurations and brute force attacks remained the most common, aligning with global cyber threat trends, despite the 2.85 per cent decline in brute force attacks.
The National KE-CIRT/CC detected 33.79 million brute force attack attempts, mainly targeting the critical information infrastructure sector. This may be attributed to poor password management, increased automation, such as the use of cloud services, and weak security.
